On Mon, Dec 12, 2005 at 03:56:18PM +0100, Németh Tamás wrote:

> Is this communication invalid? Is it against rfc?

Yes, it violates the TCP RFC 793, see sections "Knowing When to Keep Quiet" and "The TCP Quiet Time Concept" starting on page 27 of http://www.faqs.org/rfcs/rfc793.html

The concept of the quiet period is not specific to pf, but to TCP in general. Even if you'd disable pf, you'd most likely notice that your second hping SYN would not elicit a second SYN+ACK from the recipient, as the recipient's TCP/IP stack also keeps a record of the first (reset) connection with a TIME_WAIT (or CLOSED) state (try netstat -n on the recipient).

Daniel
